iPhone and iPad Are First Consumer Devices Cleared for NATO Classified Data

Apple's iPhone and iPad running iOS 26 and iPadOS 26 have become the first consumer mobile devices cleared for NATO-restricted classified data. No special software or settings are required. MacRumors reports: Apple's devices are the first and only consumer mobile products that have reached this government certification level after security testing and evaluation by the German government. iPhones and iPads running iOS 26 and iPadOS 26 are now certified for use with classified data in all NATO nations.

In an announcement of the security clearance, Apple touted its security features: "Apple designs security into all of its products from the start, ensuring the most sophisticated protections are built in across hardware, software, and Apple silicon. This unique approach allows Apple users to benefit from industry-leading security protections such as best-in-class encryption, biometric authentication with Face ID, and groundbreaking features like Memory Integrity Enforcement. These same protections are now recognized as meeting stringent government and international security requirements, even for restricted data."

Restricted

[flyingfsck]

Restricted is the lowest default level. So it is good for very simple things like sports schedules and guard duties.

Re:

[Valgrus Thunderaxe]

Can governments actually make more competent devices than Apple? What are they? This sounds like some type of political, and not function distinction.

Re:

[Anonymous Coward]

Apparently the Apple fanbois don't like you pointing that out. EU Restricted is the minimum classification level followed by EU Confidential, EU Secret and EU Top Secret. It's hilarious how many news sites are reporting that NATO certified it for "classified" as if that's a level.

I'd pick GrapheneOS

[TheMiddleRoad]

Actually secure.

Re:

[tbords]

Actually secure.

I'd go more for a Linux based mobile operating system. Ubuntu Touch has made large strides in this field. So has Droidian.

Re:

[TheMiddleRoad]

Nope. https://madaidans-insecurities... [github.io] https://discuss.grapheneos.org... [grapheneos.org]

How about macOS?

[unixisc]

Is there any reason that macOS would be less secure than iOS or iPadOS?

Re:

[kwelch007]

Not really, but they're not the same OS, so there's no reason that (supposedly) iOS or iPadOS being "secure" has anything to do with MacOS being secure.

Re:

[Junta]

I've not used it in a while so I don't know if it is still the case, but *generally* the more flexible desktop platforms are frequently considered "less secure" because of how relatively more open ended interaction is between files and applications.

Mobile platforms started in a very isolated mode and implemented very precise, limited application permission model.

Desktop platforms, well, the cat is way out of the bag and attempts to add mobile-style permissions have been happening, but broadly speaking not n

Re:

[dgatwood]

Is there any reason that macOS would be less secure than iOS or iPadOS?

In a standalone sense, sure. You can compile arbitrary code and run it on macOS. iOS and iPadOS lack compilers, lack the ability to sign code, and will not run unsigned code. Add in a Mac to compile the code, though, and that distinction goes away.

Beyond that, I suppose that iOS has fewer device drivers, so there's probably a slightly smaller attack surface there. And there are probably fewer crufty libraries and daemons that could have security holes, but no, there's probably not enough difference to c

Re:

[dgatwood]

Is there any reason that macOS would be less secure than iOS or iPadOS?

In a standalone sense, sure. You can compile arbitrary code and run it on macOS. iOS and iPadOS lack compilers, lack the ability to sign code, and will not run unsigned code. Add in a Mac to compile the code, though, and that distinction goes away.

To expand on this. You can compile whatever you want and upload it to your device and run it. What you cannot do is distribute the binary in general. You have to physically plug the device into the Mac and give permission to upload and run the code. That is what is different than macOS. macOS will let you run a binary you downloaded from the internet, iOS/iPadOS will not.

Well, it will, but it involves enterprise distribution or other workarounds.

Re:

[Bert64]

There have been a steady stream of exploits and vulnerabilities for iOS too, and every other system for that matter.

Re:

[cusco]

Indeed. Data exfiltration in 3, 2, 1...

While another government..

[strUser_Name]

..demands Apple implement back doors.

Re:

[Anonymous Coward]

Meanwhile Israel (and any government it sells Pegasus to) can easily compromise these devices. No backdoor required. Google: NSO Pegasus.

Wow, a nothing burger.

[nsaspook]

a. DoD and contractor employees may have access to NATO classified information only when access is required in support of a U.S. or NATO program which requires such access (i.e., "need-to-know").

b. Access to NATO classified information requires a final DoD personnel clearance (except for RESTRICTED) at the equivalent level and a NATO briefing as described in section D., below. A security clearance is not required for access to NATO RESTRICTED information. (See also Section D, below.)

https://sgp.fas.org/libr [fas.org]

classification

[kqc7011]

At what level of classification are they cleared for? Controlled, Confidential or higher. Or up to what is discussed in a SCIF room?